ALSA-2021:4381

[ALSA-2021:4381] Moderate: GNOME security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2021-11-12

Description:

GNOME is the default desktop environment of AlmaLinux.

The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)

Security Fix(es):

* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)

* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)

* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)

* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)

* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)

* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)

* webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)

* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)

* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)

* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)

* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)

* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)

* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)

* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)

* webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)

* webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)

* webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)

* webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)

* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)

* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)

* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)

* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)

* webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)

* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)

* webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)

* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)

* webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)

* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)

* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

CVE-2020-13558
CVE-2020-24870
CVE-2020-27918
CVE-2020-29623
CVE-2020-36241
CVE-2021-1765
CVE-2021-1788
CVE-2021-1789
CVE-2021-1799
CVE-2021-1801
CVE-2021-1844
CVE-2021-1870
CVE-2021-1871
CVE-2021-21775
CVE-2021-21779
CVE-2021-21806
CVE-2021-28650
CVE-2021-30663
CVE-2021-30665
CVE-2021-30682
CVE-2021-30689
CVE-2021-30720
CVE-2021-30734
CVE-2021-30744
CVE-2021-30749
CVE-2021-30758
CVE-2021-30795
CVE-2021-30797
CVE-2021-30799
ALSA-2021-4381

Updated packages listed below:

Architecture	Package	Checksum
aarch64	gnome-settings-daemon-3.32.0-16.el8.alma.aarch64.rpm	73524636193acf005f34fd9279eb9567a2a99d564c9f714705b31e7e6405eadb
aarch64	gnome-software-devel-3.36.1-10.el8.aarch64.rpm	9273b479534b2fedc6e525165e98bb31b708d0f1073c9a845368d539e95e3ab0
aarch64	gnome-autoar-0.2.3-2.el8.aarch64.rpm	97e173e0846f518f95c83668d87859f4bb256e4bb1e6cd545226808378a8e57f
aarch64	gnome-online-accounts-3.28.2-3.el8.aarch64.rpm	982dc13c7eea13e3f04267358e609e6e01ec671c88bf9bd7486e7d5fd47c11bf
aarch64	gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm	994577ee05469da19ef6f4e167b7fe20d05155469281b0e60060f08e01cbfdd3
aarch64	gnome-calculator-3.28.2-2.el8.aarch64.rpm	9b67a0398f268b832f9377cc4fba93e2801b8dbf33b414cbeb0b2903def6c38e
aarch64	gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm	9b989fa5befc698af86fbac6dd357b294e8e58908cb909602422a666c5b39397
aarch64	gnome-software-3.36.1-10.el8.aarch64.rpm	b04f28d83d3707c7c0e9f06177dc84b57cb5018634545a3d61880ce6fbcbc3a3
aarch64	vino-3.22.0-11.el8.aarch64.rpm	b0e6dbb7dceec19e5f418ffd0ca6a5c71a66299cb4672d487465a426c1131ca3
aarch64	gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm	c8e07e7aa9b7be2b15d2beec5f396eed344abc04756f4b2b0a3a1720ff2fbe08
i686	webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm	0fc3eb30a573cb893416f55612ae3147c7f7e172922a857d6346127a994798ef
i686	LibRaw-0.19.5-3.el8.i686.rpm	115999df84c2596ab7aed32f1c66baf9e5f1cb602c99994db5769cea30bbb3ae
i686	gtk3-devel-3.22.30-8.el8.i686.rpm	1e760f23c301894d37fa4b5765617a36bf58930e8bd8ebb96681fa3ad562b72a
i686	gnome-software-3.36.1-10.el8.i686.rpm	1f0f3065ca8b922c183ef6c1401b479591779b632899da3e3e522d4e3431844d
i686	gtk3-3.22.30-8.el8.i686.rpm	37e508b762594244940349ada65e6865e4f9afba0c69072d2a76d6d7f91c834b
i686	webkit2gtk3-devel-2.32.3-2.el8.i686.rpm	4264e1dd9e622a231ca69329a2406569ce77098667ca871ec839b87e77fecd92
i686	webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm	48055629bd3787aed31e3390b19e638dfb7e75751da7b6f467045cae44a80555
i686	LibRaw-devel-0.19.5-3.el8.i686.rpm	53512b765de8ea98b40c4a95ce98af3ab00a88169bbad21737b12a9e99d54d76
i686	gnome-online-accounts-3.28.2-3.el8.i686.rpm	660f19c0bc1f10a39012b28059e969d9c1e42d1cd01cbc4a1677678e46b987df
i686	gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm	6a6e53e86751c11026c8db1d9c11d06197d63050dc34483780b4a42b04c44ea0
i686	mutter-devel-3.32.2-60.el8.i686.rpm	73eb23af302cea1491754668cc5d9181e5318aa4967692357b43d752e4186ecf
i686	accountsservice-libs-0.6.55-2.el8.i686.rpm	7655c4da6e1bd886cd3d63e443b5acae8a0f14ba3d7b7d29205a3acdb5f97888
i686	gnome-software-devel-3.36.1-10.el8.i686.rpm	791a6b3ac180e6199498b3ae4309e17224513f86ad2eb74f0f486b10ee57feeb
i686	gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm	8f9c1a13f3faeb607edf6862b8e6db6772291909411045706419f476b9204fad
i686	gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm	c128f31eda3519ffe75dc603da461c60385e4e8b9dc43b75562fb726658b546b
i686	webkit2gtk3-2.32.3-2.el8.i686.rpm	cbe0f75c3fa963f3313ffce8972c83bfa070391d598f5793c54e9dbe49d13813
i686	mutter-3.32.2-60.el8.i686.rpm	cc6dcb165fc4337b849b6077bfbc7386f853a8a9816791e62d1b06019e2729f5
i686	accountsservice-devel-0.6.55-2.el8.i686.rpm	ec06bb263abcfff3781cb1da669f17ebb19c8f35278a36c09d28b822cef5f163
i686	gnome-autoar-0.2.3-2.el8.i686.rpm	f1eae8367e259e128759ce647845a660ce440b56abcd2f88665a9631480a3243
i686	gdm-40.0-15.el8.i686.rpm	fec1eb65fd4c4e6bb96bdd2fb056ed10f297ee9ce28799153006e0930fb040cd
noarch	gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm	0f4b0b9dc0e288824f680352455689f00d9634e85ad1f7df9a9cd918f9cd8800
noarch	gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm	12883ca682589b83d8b3df784c90452856c49ea9c47a3bd83f6b15dd18849647
noarch	gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm	197b9812633bc1b6791fa2344cc9a99077886ed7e4d36b29ba70dc6d24f4a2d6
noarch	gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm	1f2756d452b92c398fc3a3ca87f6b5c8f3d62aca9e3cacd109afbdf3dd5e4725
noarch	gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm	209a432b46266d563b957a40e258cca80efa657e78a8668ed99063a17ecd3fb6
noarch	gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm	22e4952c4600fde0fe5beb109df5f75817a9db7174624287a34efdc233c0a5a8
noarch	gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm	22f1c8aa2c62455df8c5700696b1b3a8e9443bc455ac8d61ae560e309fc3eb03
noarch	gnome-classic-session-3.32.1-20.el8.noarch.rpm	240b724c8d0954e3f88dd22e28bee5fc227d20eed33a24f8b74737eb79a85363
noarch	gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm	27dec8e9411890bd63f6eeff481b8b358b0936388b9403f7c6c86999634eab3a
noarch	gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm	328a21e8a6eda1bc55dba1ba087f2d9039a54a3cb99bdfe6f4385ca1d1bc9a48
noarch	gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm	50d0b16fb06f01369e3131360d15a7213d6888964b176d44241b47733f0eb684
noarch	gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm	53d5706fdea3c81e24fb4f17e2ac3c650f216ce72947baa9e0ed990fa3fff18e
noarch	gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm	62d3f5e22955c0e36faa6c35b12991a387b31e456b857b706f74d4329ebafa55
noarch	gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm	6758a6dbdfb0938cf8b8d0b3ff7354a641a16399ac86b75499b607508a1442ca
noarch	gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm	6a2ff4818678fe48903659c9872f526172ab9c49dc5a551734257c173c5751be
noarch	gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm	76fd32bcd29bbc1882639d62f13e8f1bafcae4a6f6e414c3fcdebe36791eb9b7
noarch	gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm	9aa6e1b652a18b0407ceb4747c1490dd30ed6c3a42fb7caa99b68a6eb8d25af4
noarch	gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm	9e02469a8cdc0f0ed5ecad79113b359d8ca13c947f403a79ea9aeb250ba7ae2b
noarch	gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm	9ea89ea24e57ba8a8d0161179361ff91c0a830095b9116162ccaa184ed4af87f
noarch	gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm	a3fe6ac9b53f5488916a153ac13de2852aedf1b3945e806f62273fb25d56f526
noarch	gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm	cda0edc56afd2e69691c5523003b5ce23cf5765caba5c73cf19cd5546f0fe442
noarch	gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm	e8e2e2cfcb4f02ade39db076b6194a454ad1788f1869ee18f78d785f4bc67606
noarch	gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm	ee927e5db3e34affac53451daf029e1df36bc70dfca28dd163ac3802a8bd36cf
noarch	gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm	f43ef0ff4448ead5a0a7682b8bcc0b73db507ef9e2582ee66fceea665b891097
noarch	gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm	f6ef0abcc9e5af4fbf4ec7112fc68a59d4176545ea0386cea2630427da1f867e
ppc64le	gnome-autoar-0.2.3-2.el8.ppc64le.rpm	06b8fc157449559ce726ba73f0c743399fb79fe61e5f118a94a231188d911768
ppc64le	gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm	2dde1774f3edcbff13f1eda38a59266b386061a6b5f2049540c9b1a7be577c53
ppc64le	gnome-settings-daemon-3.32.0-16.el8.alma.ppc64le.rpm	2f895b31abe11b03b279d0f3c31174cd2a1d47476fd25c4750535f59844457e5
ppc64le	LibRaw-devel-0.19.5-3.el8.ppc64le.rpm	87550b11b219ffdfd14634f753552acd5c62d5c50540056c4e73885aa99ca149
ppc64le	vino-3.22.0-11.el8.ppc64le.rpm	977f1e17a9170b4f72e426848b68e0382d5cd6b3e68895db5ac22d13516668b5
ppc64le	gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm	a6629200f1c016b173cad6e441503f4be187f42340bee9c2bef4ee94319d1317
ppc64le	gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm	c381122a1d29f990a164f6f0e15a6245e839c8152a14f363841df187373dabde
ppc64le	gnome-calculator-3.28.2-2.el8.ppc64le.rpm	d0f699be2f1527118525d1db195d62c1b4cd0f4fb89b8bab852420fb526ad8c7
ppc64le	gnome-software-3.36.1-10.el8.ppc64le.rpm	e1618ffd13ecf0d3af194c640ed4409a772a2c1a8ea94a2f14ff508c2dfd4615
ppc64le	gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm	e868c2599c92f3c66839bf72edd27a5af97457db7fc95cbeed377b15ecf36af7
ppc64le	LibRaw-0.19.5-3.el8.ppc64le.rpm	eb69d47bd4c1f2cd2e5cf3e5ccd107f4f4fb6357b610af7c2819ff408b19dfb2
ppc64le	gnome-software-devel-3.36.1-10.el8.ppc64le.rpm	ebd63361115c81abd120214e63b480beb2737f9b1a98cb233562b6dfcb54787c
x86_64	gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm	033e3547382db2c7217fca36241b1f9a528ead4fd3d28216429468ed9882621e
x86_64	accountsservice-libs-0.6.55-2.el8.x86_64.rpm	1d3dd0c1b5cdd8a4867afcd72ad2ae969b9b66eb1f33bc8c76d065f5689aef7a
x86_64	webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm	1f8e49f78d11c516273a3b4fbc862847008f4ff8006a39b2ebb6c56f2a94b576
x86_64	gnome-session-3.28.1-13.el8.x86_64.rpm	20686252bd10928ea9ef39a59d3a47a5182a93bfcc8ce4437c9d2f5a6a4ca354
x86_64	webkit2gtk3-2.32.3-2.el8.x86_64.rpm	2221e12184dc8ef8ab2699f11d7824510d95c615dcd8862edca78d09284b3e41
x86_64	gnome-online-accounts-3.28.2-3.el8.x86_64.rpm	243943a0b2f528168a25a5eb7f487368e5bc75c5e236048718140f9502a51c7e
x86_64	gtk3-3.22.30-8.el8.x86_64.rpm	2584852855dd92fffefd73bc8ff44477d0f0c93698cb1646416d5b9aa0f43cf7
x86_64	gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm	300ff6db7cc22fffe1a9765343edea2bf6ec95ca8a40e76a101c58c03fd30a08
x86_64	accountsservice-0.6.55-2.el8.x86_64.rpm	3c763ffcad320117fae86d60d2cc8858f72628d5da06c1b08c6e3ee28223c83b
x86_64	gnome-shell-3.32.2-40.el8.x86_64.rpm	47a46cc300e750bf387446e69b450f2d39c4a91378b2684a6be875972a89ac54
x86_64	gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm	492265746533c1fa8823b431e2edcc55c5320496a514c621a1ba0a80678585fa
x86_64	vino-3.22.0-11.el8.x86_64.rpm	49b18c1397bfabec46c8751c678fec2b6529a7266be2219d9705a29ba12ed6e4
x86_64	gnome-settings-daemon-3.32.0-16.el8.alma.x86_64.rpm	50f75fa18676445f66ceadea440b39b5e0fa7ff95ce3485988f60b465009075e
x86_64	webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm	52685245797977207db1ae81420ed5f2a6f7f2dfd52e19f52f0befca10c3efaf
x86_64	LibRaw-0.19.5-3.el8.x86_64.rpm	6a34fb199dc3628ad8908c0195022c2f4b643799970a12740ca8cf9dda636811
x86_64	accountsservice-devel-0.6.55-2.el8.x86_64.rpm	71888c60ede07da8cb4f1a9d98edb577f19e70e1da816677baf7d5372ba8b2b5
x86_64	LibRaw-devel-0.19.5-3.el8.x86_64.rpm	78b00af7239c06283617894892d4b7ef28c385ae0314cbb530d2167569f1207b
x86_64	gdm-40.0-15.el8.x86_64.rpm	86b9d8c478c5e99904666f790646692fe7421288795971a90e894cb1cfc4b849
x86_64	gnome-autoar-0.2.3-2.el8.x86_64.rpm	8cac3ea2b063ad06f1f14bbe5dda801ffc8eaa3a25041b0478f9ff68a567e3c6
x86_64	webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm	980fdfe9c8fb75cef76c08c6a16d2e96f0659539482a5ffe7539dc26a32602c2
x86_64	mutter-3.32.2-60.el8.x86_64.rpm	98a5d729e93596b14d5fc673ccb4ace1b96b011439cd1f85d52969c1fc5bb011
x86_64	gnome-software-devel-3.36.1-10.el8.x86_64.rpm	9b68b6a5c14f40d904a23f228a3902685bf8a72bd77ce6e8f09e54a17a94b72f
x86_64	gnome-control-center-3.28.2-28.el8.x86_64.rpm	a10a6f7161e38a50896893384c7f24ba36cd29cf01fa28e039667cbc6d3ca358
x86_64	gnome-calculator-3.28.2-2.el8.x86_64.rpm	a65b07d8a67f0745fac13f607efa31bbb0d06a2e0357d0529a4055bbf5f8d0f5
x86_64	gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm	a8ef00341f24d40909d53c342f519466431d437ce99196ff296a3432deb1fb94
x86_64	gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm	acc32160ceb113aa2039da5446d488101c4357611512df8a84880551e37932cd
x86_64	mutter-devel-3.32.2-60.el8.x86_64.rpm	b4e2561f9f8d1bb050c051911869d377f2303df742bfe045fa3c169b25224391
x86_64	gnome-session-xsession-3.28.1-13.el8.x86_64.rpm	bf2fcf7a6852e40823b0d91a4bb70e68491efcadb27c0311a66517a87619d99d
x86_64	gnome-software-3.36.1-10.el8.x86_64.rpm	d6c8d617162381e58be1af519a2c50037ad2d211459832db7163f5cd39751d79
x86_64	gtk3-devel-3.22.30-8.el8.x86_64.rpm	d982a6a743b422ab91216e83eeb81fefb1c7c9c41b9dec82cff73467e09d8b52
x86_64	gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm	eef582a147c939ca4efffbd4df65c3e4fcc5a23e5f1a3a6b95dffa523bd8f496

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.